Incorporating Privacy Outcomes: Teaching an Old Dog New Tricks
暂无分享,去创建一个
Canadian government bodies are subject to a number of requirements, including legislation, regulations,directives and policies, that speaks to informational privacy. These have come to be considered synonymous with the completion of a Privacy Impact Assessment. Some go so far as to specifically require an assessment, but few speak to specific technical content. Nor are there process requirements for sustaining privacy standards once the assessment document is submitted. At best, recommendations are identified to enhance the privacy posture of a program area's information management practices, but there is no mechanism to ensure that they are implemented. We propose the PIA process be adapted to mandate privacy outcomes in terms of specific actions that must betaken once the assessment is complete. Starting with the established PIA document, the program area can identify how to best marry the privacy requirements with the established business processes supporting the service delivery line. The result would incorporate privacy outcomes as ongoing activities and include not only consideration of agency requirements for personal information management, but also the impact to an individual's informational privacy.
[1] Colin J. Bennett,et al. Taking the measure of privacy: can data protection be evaluated? , 1996 .
[2] Nancy Holmes,et al. Protection of Personal Information in the Private Sector , 2005 .
[3] Louis D. Brandeis,et al. The Right to Privacy , 1890 .